So no matter how many times I kill exim4 it immediately comes back to life. I have stopped the service and everything but something is bringing it back to life and using it for spamming.
How do I find who is the culprit, in other words, who is starting the exim process?
$ ps -ef | grep exim
root 3038 1 0 14:48 ? 00:00:00 /usr/sbin/exim4 -Mc 1YR5Mf-0000mt-L7
107 3042 3038 0 14:48 ? 00:00:00 /usr/sbin/exim4 -Mc 1YR5Mf-0000mt-L7
root 5083 1 0 14:49 ? 00:00:00 /usr/sbin/exim4 -Mc 1YR5N0-0001Jr-88
107 5233 5083 0 14:49 ? 00:00:00 /usr/sbin/exim4 -Mc 1YR5N0-0001Jr-88
root 7420 1 0 14:49 ? 00:00:00 /usr/sbin/exim4 -Mc 1YR5NR-0001vb-Km
107 7430 7420 0 14:49 ? 00:00:00 /usr/sbin/exim4 -Mc 1YR5NR-0001vb-Km
root 7454 1 0 14:49 ? 00:00:00 /usr/sbin/exim4 -Mc 1YR5NR-0001wA-Rl
107 7478 7454 0 14:49 ? 00:00:00 /usr/sbin/exim4 -Mc 1YR5NR-0001wA-Rl
root 7518 1 0 14:49 ? 00:00:00 /usr/sbin/exim4 -Mc 1YR5NS-0001xF-8C
107 7523 7518 0 14:49 ? 00:00:00 /usr/sbin/exim4 -Mc 1YR5NS-0001xF-8C
root 8863 1 0 14:50 ? 00:00:00 /usr/sbin/exim4 -Mc 1YR5Nm-0002Ir-93
107 8866 8863 0 14:50 ? 00:00:00 /usr/sbin/exim4 -Mc 1YR5Nm-0002Ir-93
root 8876 1 0 14:50 ? 00:00:00 /usr/sbin/exim4 -Mc 1YR5Nm-0002J5-Ee
sudo tail /var/log/dmesg
. on ubuntu you can just saytail dmesg
. and don't forget to check other logs. as well. the debug log may not get notified of that failure, but hopefully sys or messages does./var/log/dmesg
and/var/log/syslog
but don't see anything there. Are you sure this permission error shows up there?